UI: reads and uses the public key from pem file to send a jwk during …

…credential construction

docker-compose.yaml

@@ -21,6 +21,7 @@ services:
     restart: always
     volumes:
       - ./config.yaml:/config.yaml:ro
+      - ./developer_tools/private_ec256.pem:/private_ec256.pem:ro
     depends_on:
       #      apigw:
       #        condition: service_started

internal/ui/apiv1/client.go

@@ -2,6 +2,14 @@ package apiv1
 
 import (
 	"context"
+	"crypto/ecdsa"
+	"encoding/json"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/lestrrat-go/jwx/jwk"
+	"os"
+	"time"
+	"vc/internal/gen/issuer/apiv1_issuer"
+	"vc/pkg/helpers"
 	"vc/pkg/logger"
 	"vc/pkg/model"
 	"vc/pkg/trace"
@@ -16,6 +24,12 @@ type Client struct {
 	mockasClient   *MockASClient
 	verifierClient *VerifierClient
 	eventPublisher EventPublisher
+
+	privateKey *ecdsa.PrivateKey
+	publicKey  *ecdsa.PublicKey
+	jwkBytes   []byte
+	jwkProto   *apiv1_issuer.Jwk
+	kid        string
 }
 
 // New creates a new instance of user interface web page
@@ -28,9 +42,69 @@ func New(ctx context.Context, cfg *model.Cfg, tracer *trace.Tracer, eventPublish
 		mockasClient:   NewMockASClient(cfg, tracer, log.New("mockas_client")),
 		verifierClient: NewVerifierClient(cfg, tracer, log.New("verifier_client")),
 		eventPublisher: eventPublisher,
+		jwkProto:       &apiv1_issuer.Jwk{},
+	}
+
+	err := c.initKeys(ctx)
+	if err != nil {
+		return nil, err
 	}
 
 	c.log.Info("Started")
 
 	return c, nil
 }
+
+func (c *Client) initKeys(ctx context.Context) error {
+	keyByte, err := os.ReadFile(c.cfg.Issuer.SigningKeyPath)
+	if err != nil {
+		c.log.Error(err, "Failed to read signing key, please create a ECDSA prime256v1 key and save it to the path")
+		return err
+	}
+
+	if keyByte == nil {
+		return helpers.ErrPrivateKeyMissing
+	}
+
+	c.privateKey, err = jwt.ParseECPrivateKeyFromPEM(keyByte)
+	if err != nil {
+		return err
+	}
+
+	c.publicKey = &c.privateKey.PublicKey
+
+	if err := c.createJWK(ctx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *Client) createJWK(ctx context.Context) error {
+	ctx, cancel := context.WithDeadline(ctx, time.Now().Add(2*time.Second))
+	defer cancel()
+
+	key, err := jwk.New(c.privateKey)
+	if err != nil {
+		return err
+	}
+
+	key.Set("kid", "default_signing_key_id")
+
+	if c.cfg.Issuer.JWTAttribute.Kid != "" {
+		key.Set("kid", c.cfg.Issuer.JWTAttribute.Kid)
+	}
+
+	c.kid = key.KeyID()
+
+	c.jwkBytes, err = json.MarshalIndent(key, "", "  ")
+	if err != nil {
+		return err
+	}
+
+	if err := json.Unmarshal(c.jwkBytes, c.jwkProto); err != nil {
+		return err
+	}
+
+	return nil
+}

internal/ui/apiv1/handlers.go

@@ -85,12 +85,31 @@ type CredentialRequest struct {
 // Credential sends POST to apigw /api/v1/credential
 func (c *Client) Credential(ctx context.Context, req *CredentialRequest) (any, error) {
 	req.JWK = map[string]any{
-		"kty": "EC",
-		"crv": "P-256",
-		"kid": "ejV4WXZMQnE4Sy1meGJRUGFvZ2NiZHltUGQ5SmdNNy1KS1hjYTNOZGdTMA",
-		"x":   "cyViIENmqo4D2CVOc2uGZbe5a8NheCyvN9CsF7ui3tk",
-		"y":   "XA0lVXgjgZzFTDwkndZEo-zVr9ieO2rY9HGiiaaASog",
+		"kty": c.jwkProto.Kty,
+		"crv": c.jwkProto.Crv,
+		"kid": c.jwkProto.Kid,
+		"x":   c.jwkProto.X,
+		"y":   c.jwkProto.Y,
 	}
+
+	//// mk public key
+	//{
+	//	"kty": "EC",
+	//	"crv": "P-256",
+	//	"kid": "eu919wsUwlYDgW-uCd0tmTorovyRIbIp2iasJRnJEjU",
+	//	"x":   "Cdj7z0qgkhiDqUcdQLPH4c3h3icT4bOP5aIjjU_hu-I",
+	//	"y":   "Fy_vz3wnc5t1oWIMXtaShexUddY-EynROdaiDRtdf60",
+	//}
+
+	//// masv public key
+	//{
+	//	"kty": "EC",
+	//	"crv": "P-256",
+	//	"kid": "ejV4WXZMQnE4Sy1meGJRUGFvZ2NiZHltUGQ5SmdNNy1KS1hjYTNOZGdTMA",
+	//	"x":   "cyViIENmqo4D2CVOc2uGZbe5a8NheCyvN9CsF7ui3tk",
+	//	"y":   "XA0lVXgjgZzFTDwkndZEo-zVr9ieO2rY9HGiiaaASog",
+	//}
+
 	reply, err := c.apigwClient.Credential(req)
 	if err != nil {
 		return nil, err